From 4bb35bfb1020b0902815b3566ae8511c8c3738e4 Mon Sep 17 00:00:00 2001
From: ands <ands>
Date: Wed, 27 Nov 2013 01:10:52 +0100
Subject: [PATCH] prevented remote code execution according to a report filed
 on the old github repository.

---
 webroot/ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webroot/ajax.php b/webroot/ajax.php
index ba54328..674f8c3 100755
--- a/webroot/ajax.php
+++ b/webroot/ajax.php
@@ -7,7 +7,7 @@
 
   if(isset($_GET["say"]))
   {
-    exec('echo "'.$_GET["say"].'" > tmp/say');
+    exec('echo "'.escapeshellarg($_GET["say"]).'" > tmp/say');
   }
 
 ?>
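Review bot: The added `escapeshellarg()` call on the `exec` line does not close the injection, because its single-quoted output is still embedded inside the double quotes of the command string; there the shell treats the single quotes as literal characters and still applies command substitution and variable expansion to the request value. Drop the surrounding double quotes so the escaped argument stands on its own, `exec('echo '.escapeshellarg($_GET["say"]).' > tmp/say');`, or better, avoid the shell entirely with `file_put_contents('tmp/say', $_GET["say"]."\n", LOCK_EX);`. The value should also pass an `is_string()` check first, since a query string can make `$_GET["say"]` an array, which `escapeshellarg()` does not accept.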
-- 
GitLab